GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
239 advisories
Prometheus exporter process crash via malformed HTTP request
High
CVE-2026-44902
was published
for
@opentelemetry/auto-instrumentations-node
(npm)
May 11, 2026
free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser via Reflect.Set on incompatible types
High
CVE-2026-44325
was published
for
github.com/free5gc/nrf
(Go)
May 8, 2026
free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (attacker-controlled notifyUri)
High
CVE-2026-44319
was published
for
github.com/free5gc/nef
(Go)
May 8, 2026
ech0's access tokens with expiry=never cannot be revoked: logout panics, delete does not blacklist JTI
High
GHSA-fpw6-hrg5-q5x5
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
High
CVE-2026-34065
was published
for
nimiq-primitives
(Rust)
Apr 22, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in ...
High
Unreviewed
CVE-2026-23666
was published
Apr 14, 2026
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation...
High
Unreviewed
CVE-2026-28542
was published
Mar 5, 2026
Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
High
CVE-2026-27586
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 24, 2026
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper...
High
Unreviewed
CVE-2026-0203
was published
Jan 15, 2026
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE...
High
Unreviewed
CVE-2026-21906
was published
Jan 15, 2026
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated...
High
Unreviewed
CVE-2025-53702
was published
Oct 23, 2025
A security issue exists within the Studio 5000 Logix Designer add-on profile (AOP) for the...
High
Unreviewed
CVE-2025-9437
was published
Oct 14, 2025
quic-go: Panic occurs when queuing undecryptable packets after handshake completion
High
CVE-2025-59530
was published
for
github.com/quic-go/quic-go
(Go)
Oct 10, 2025
Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application include Windows...
High
Unreviewed
CVE-2025-34193
was published
Sep 19, 2025
A security issue exists in the protected mode of EN4TR devices, where sending specifically...
High
Unreviewed
CVE-2025-8008
was published
Sep 9, 2025
Volto affected by possible DoS by invoking specific URL by anonymous user
High
CVE-2025-58047
was published
for
@plone/volto
(npm)
Aug 28, 2025
Vulnerability of improper processing of abnormal conditions in huge page separation. Impact:...
High
Unreviewed
CVE-2025-54634
was published
Aug 6, 2025
An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF)...
High
Unreviewed
CVE-2025-52948
was published
Jul 11, 2025
An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper...
High
Unreviewed
CVE-2025-52947
was published
Jul 11, 2025
Babylon vulnerable to chain halt when transaction has fees different than `ubbn`
High
GHSA-56j4-446m-qrf6
was published
for
github.com/babylonlabs-io/babylon
(Go)
Jun 30, 2025
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an...
High
Unreviewed
CVE-2025-29826
was published
May 13, 2025
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code...
High
Unreviewed
CVE-2024-49841
was published
May 6, 2025
Vulnerability of improper authentication logic implementation in the file system module. Impact:...
High
Unreviewed
CVE-2025-46584
was published
May 6, 2025
React Router allows a DoS via cache poisoning by forcing SPA mode
High
CVE-2025-43864
was published
for
react-router
(npm)
Apr 24, 2025
LlamaIndex Improper Handling of Exceptional Conditions vulnerability
High
CVE-2024-12704
was published
for
llama-index-core
(pip)
Mar 20, 2025